Google Aggressively Targets 2029 to Migrate Fully to PQC
None
<p><span data-contrast="none">Security soothsayers predict we’ll reach Q-day, when quantum computers can break current encryption, sometime in the 2030s. But Google plans to be ready before that—aggressively targeting 2029 as the deadline </span><a href="https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/" target="_blank" rel="noopener"><span data-contrast="none">to migrate completely</span></a><span data-contrast="none"> to post-quantum cryptography.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That puts Google well ahead of the NSA, which plans to move to PQC by 2031—other government agencies are aiming for 2035.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Noting that “quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures,” Google wrote in a blog that “the threat to encryption is relevant today with </span><a href="https://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html" target="_blank" rel="noopener"><span data-contrast="none">store-now-decrypt-later attacks</span></a><span data-contrast="none">, while digital signatures are a future threat that require the transition to PQC before a Cryptographically Relevant Quantum Computer (CRQC).” It adjusted its timeline accordingly to “prioritize PQC migration for authentication services,” which it points out is “an important component of online security and digital signature migrations.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The company said it is its “responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">And Google is offering a sign of good faith, underscoring its migration plans. “As an example of our ongoing PQC commitments, </span><a href="http://security.googleblog.com/2026/03/post-quantum-cryptography-in-android.html" target="_blank" rel="noopener"><span data-contrast="auto">Android 17 is integrating PQC digital signature protection using ML-DSA</span></a><span data-contrast="auto"> in alignment with the National Institute of Standards and Technology (NIST),” according to the blog post. “This continues to put advanced PQC technology directly into the hands of our customers, building on our </span><a href="https://cloud.google.com/security/resources/post-quantum-cryptography?e=48754805" target="_blank" rel="noopener"><span data-contrast="auto">Google Chrome support for PQC</span></a><span data-contrast="auto">, </span><a href="https://cloud.google.com/blog/products/identity-security/how-were-helping-customers-prepare-for-a-quantum-safe-future?e=48754805"><span data-contrast="auto">providing PQC solutions in </span></a>the cloud<span data-contrast="auto"> and </span><a href="https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms" target="_blank" rel="noopener"><span data-contrast="auto">insights and guidance for leaders</span></a><span data-contrast="auto"> on their PQC journey.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Google’s announcement of a 2029 timeline for postquantum cryptography migration reinforces how quickly the cryptographic landscape is evolving,” says Jason Soroko, senior fellow at Sectigo. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That same year, Soroko says, “the CA/Browser Forum will reduce the maximum SSL/TLS certificate lifespan to just 47 days, a 12× increase in renewal frequency that fundamentally changes how organizations must operate.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Currently, Sectigo’s </span><a href="https://www.sectigo.com/uploads/resources/Sectigo-State-of-Crypto-Agility-Report-2025.pdf" target="_blank" rel="noopener"><span data-contrast="none">research shows</span></a><span data-contrast="none"> that “90% of organizations see a direct overlap between preparing for short-lived certificates and preparing for PQC adoption.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">And, he says, the “parallel 2029 deadlines are not coincidental; they represent two sides of the same challenge: preparing for a world where cryptography must be updated far more frequently and with far greater agility.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Indeed, the “convergence of these deadlines is in some way harmonious: As Google advances the PQC timeline, and as certificate validity shrinks to 47 days, the ecosystem must move together,” Soroko says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Continued collaboration through the IETF and the CA/Browser Forum will be essential to ensuring that organizations can rotate keys, algorithms, and certificates quickly and safely, building the agility needed to secure the quantum era,” he explains.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Sectigo’s research </span><span data-contrast="auto">indicates that organizations “appear to be taking PQC preparation more seriously than the upcoming shift to 47-day certificate lifespans, even though the deadlines attached to certificate lifespans occur sooner,” suggesting that “PQC is viewed as a strategic, long-term imperative tied to existential threats, whereas the 47-day change is seen as a more tactical, operational hurdle.” The research found that 14% of organizations “have done a full assessment of quantum-vulnerable systems, while 90% have budgets allocated to PQC preparedness initiatives in the next 12 months and a few more than that (92 percent) plan to increase their investments in PQC over the next 2-3 years”.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Sectigo says that taking PQC more seriously than shortened certificated lifespans “may underestimate the urgency of near-term risks: Failure to prepare for shortened certificate lifespans is far more likely to result in immediate outage, application failure, and trust disruption.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="auto">The shorter certificate lifespan is solvable and can be automated, the research contends, “While PQC represents a future-breaking threat, the 47-day challenge poses a present-breaking one, and both require equal prioritization in any robust crypto agile strategy.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/google-aggressively-targets-2029-to-migrate-fully-to-pqc/" data-a2a-title="Google Aggressively Targets 2029 to Migrate Fully to PQC "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgoogle-aggressively-targets-2029-to-migrate-fully-to-pqc%2F&linkname=Google%20Aggressively%20Targets%202029%20to%20Migrate%20Fully%20to%20PQC%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgoogle-aggressively-targets-2029-to-migrate-fully-to-pqc%2F&linkname=Google%20Aggressively%20Targets%202029%20to%20Migrate%20Fully%20to%20PQC%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgoogle-aggressively-targets-2029-to-migrate-fully-to-pqc%2F&linkname=Google%20Aggressively%20Targets%202029%20to%20Migrate%20Fully%20to%20PQC%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgoogle-aggressively-targets-2029-to-migrate-fully-to-pqc%2F&linkname=Google%20Aggressively%20Targets%202029%20to%20Migrate%20Fully%20to%20PQC%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgoogle-aggressively-targets-2029-to-migrate-fully-to-pqc%2F&linkname=Google%20Aggressively%20Targets%202029%20to%20Migrate%20Fully%20to%20PQC%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>